Security Vulnerabilities - CVEs Published In 2019
Mate 20 Pro smartphones with versions earlier than 9.1.0.135(C00E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operations of certain privileges; an attacker could trick the user into installing a malicious application before the user turns on the student mode function. A successful exploit could allow the attacker to bypass the limit of the student mode function.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2019-12-13
There is a path traversal vulnerability in several Huawei smartphones. The system does not sufficiently validate certain pathnames from the application. An attacker could trick the user into installing, backing up and restoring a malicious application. Successful exploit could cause information disclosure.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2019-12-13
Huawei S5700 and S6700 have a DoS security vulnerability. Attackers with certain permissions perform specific operations on affected devices. Because the pointer in the program is not processed properly, the vulnerability can be exploited to cause the device to be abnormal.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2019-12-13
Some Huawei products have an insufficient verification of data authenticity vulnerability. A remote, unauthenticated attacker has to intercept specific packets between two devices, modify the packets, and send the modified packets to the peer device. Due to insufficient verification of some fields in the packets, an attacker may exploit the vulnerability to cause the target device to be abnormal.
CVSS Score: 5.9 | EPSS Score: 0.002 | Published: 2019-12-13
duplicity 0.6.24 has improper verification of SSL certificates
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2019-12-13
The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter (and/or the quiz_id parameter). The component is: admin/quiz-options-page.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL.
CVSS Score: 6.1 | EPSS Score: 0.007 | Published: 2019-12-13
suPHP before 0.7.2 source-highlighting feature allows security bypass which could lead to arbitrary code execution
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2019-12-13
Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities
CVSS Score: 4.4 | EPSS Score: 0.001 | Published: 2019-12-13
rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2019-12-13
An issue was discovered in the SAML Single Sign On (SSO) plugin for several Atlassian products affecting versions 3.1.0 through 3.2.2 for Jira and Confluence, versions 2.4.0 through 3.0.3 for Bitbucket, and versions 2.4.0 through 2.5.2 for Bamboo. It allows locally disabled users to reactivate their accounts just by browsing the affected Jira/Confluence/Bitbucket/Bamboo instance, even when the applicable configuration option of the plugin has been disabled ("Reactivate inactive users"). Exploiting this vulnerability requires an attacker to be authorized by the identity provider and requires that the plugin's configuration option "User Update Method" have the "Update from SAML Attributes" value.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2019-12-13

